
In pentest engagements, you’re having to repeat the same tests over and over. If you don’t automate it by the fifth repeat, you’ll lose your sanity. So the new automation tool now frees up time so you can audit new, novel areas in these engagements. But it happens again. You’re slowly getting bored again until you inevitably write a tool to automate it. It’s a vicious cycle.


This is not a new plugin; it (and similar extensions) have been available for Burp and a staple for testers for a few years now.

Automating authorisation checks has less to do with novelty seeking and more to do with the practicalities of ensuring adequate coverage within the assigned engagement time frame.



